Pre-requires
Introduction
VyOS is an open source network operating system Linux distribution based on Debian.
VyOS provides a free routing platform that competes directly with other commercially available solutions from well-known network providers. Because VyOS is run on standard amd64 systems, it can be used as a router and firewall platform for cloud deployments. VyOS can also be optimized to achieve routing at 100Gbps.
Features
Routing and Protocols
Monitoring
High Availability and Load Balancing
- VRRP for IPv4 and IPv6, ability to execute custom health checks and transition scripts
Running on Proxmox VE
https://docs.vyos.io/en/latest/installation/virtual/proxmox.html
VyOS rolling release
https://vyos.net/get/nightly-builds/
Installation
https://docs.vyos.io/en/latest/installation/install.html#live-installation https://docs.vyos.io/en/latest/installation/install.html#permanent-installation
In order to proceed with a permanent installation:
Log into the VyOS live system (use the default credentials: vyos, vyos)
Run the install image command and follow the wizard
NAT gateway
https://docs.vyos.io/en/latest/quick-start.html
list all of interfaces
show interfacesConfiguration Mode
By default, VyOS is in operational mode, and the command prompt displays a $. To configure VyOS, you will need to enter configuration mode, resulting in the command prompt displaying a #, as demonstrated below:
vyos@vyos$ configure
vyos@vyos#Interface Configuration
Your outside/WAN interface will be eth0. It will receive its interface address via DHCP. Your internal/LAN interface will be eth1, eth2. It will use a static IP address of 192.168.0.1/24.
outside/WAN
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description 'OUTSIDE'Create a Bridge Interface
Start by creating a bridge interface (e.g., br0) to aggregate your LAN ports:
set interfaces bridge br0 description 'LAN bridge'
set interfaces bridge br0 stp
set interfaces bridge br0 address 192.168.0.1/24- stp enables the spanning tree protocol (stp) to prevent loops.
- Assign an IP address to the bridge for LAN gateway access.
Add LAN Interfaces to the Bridge
Assuming your LAN interfaces are eth1, and eth2, add them to the bridge:
set interfaces bridge br0 member interface eth1
set interfaces bridge br0 member interface eth2This configuration treats the specified interfaces as switch ports, allowing devices connected to them to communicate within the same LAN.
Configure NAT for Internet Access
WAN interface is eth0, set up NAT to allow LAN devices to access the internet:
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 source address '192.168.0.0/24'
set nat source rule 100 translation address masqueradeDHCP/DNS quick-start
The following settings will configure DHCP and DNS services on your internal/LAN network, where VyOS will act as the default gateway and DNS server.
- The default gateway and DNS recursor address will be 192.168.0.1/24
- The address range 192.168.0.2/24 - 192.168.0.8/24 will be reserved for static assignments
- DHCP clients will be assigned IP addresses within the range of 192.168.0.9 - 192.168.0.254 and have a domain name of internal-network
- DHCP leases will hold for one day (86400 seconds)
- VyOS will serve as a full DNS recursor, replacing the need to utilize Google, Cloudflare, or other public DNS servers (which is good for privacy)
- Only hosts from your internal/LAN network can use the DNS recursor
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option name-server '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option domain-name 'vyos.net'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 start '192.168.0.9'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 stop '192.168.0.254'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 subnet-id '1'
set service dns forwarding cache-size '0'
set service dns forwarding listen-address '192.168.0.1'
set service dns forwarding allow-from '192.168.0.0/24'Firewall
https://docs.vyos.io/en/latest/quick-start.html#firewall
Commit and Save
After every configuration change, you need to apply the changes by using the following command:
commitOnce your configuration works as expected, you can save it permanently by using the following command:
saveWWAN - Wireless Wide-Area-Network
https://docs.vyos.io/en/stable/configuration/interfaces/wwan.html
Supported LTE cards
- Sierra Wireless AirPrime MC7304 miniPCIe card (LTE)
- Sierra Wireless AirPrime MC7430 miniPCIe card (LTE)
- Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)
- Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)
- Huawei ME909u-521 miniPCIe card (LTE)
- Huawei ME909s-120 miniPCIe card (LTE)
Supported WIFI cards
VyOS is based on Debian (depends on the version, like 1.3 → Debian 10 “Buster”), so Wi-Fi card compatibility is similar to Debian Linux. These chipsets are usually your safest bet:
Atheros AR9xxx series (ath9k)
✅ Fully open-source drivers ✅ Stable and well-supported in Debian Works in both AP and client mode Good for hostapd (if you’re trying to make VyOS a Wi-Fi AP)